Open Stack

Carl,

Thanks for the reply.

I agree that FWaaS with DVR and FWaaS - Security Groups API Alignment affect each other. My hope was that we could narrow down FWaaS with DVR first, so that we do not have to try to address everything in the enhanced FWaaS API incorporating Security Group functionality. On the FWaaS side, I guess we can start discussing approaches to the enhanced FWaaS API, trying to determine to what extent this is coupled to different FWaaS with DVR solutions.

If you find any links to previous DVR documents, please let everyone know.

Mickey

-----Carl Baldwin <carl at ecbaldwin.net> wrote: -----
To: "OpenStack Development Mailing List (not for usage questions)" <openstack-dev at lists.openstack.org>
From: Carl Baldwin <carl at ecbaldwin.net>
Date: 08/31/2015 10:09AM
Subject: Re: [openstack-dev] [neutron][fwaas][dvr] FWaaS with DVR

Hi,

I did take the opportunity to read through your etherpad today.  Many
of the solutions that you propose have been discussed in the past but
there just hasn't been a traction on the problem.  You did a fine job
of writing this up and I think we should use your etherpad as a
central point for discussion.

I know that the original DVR team also did some discussion around this
and I believe had some documents with possible solutions.  I don't
know where those are at the moment and so I would also like to hear
from them.

It will be difficult to decide on a solution to this problem without
first knowing how fwaas and security groups will be going forward.  I
look forward to some good discussions at the summit.

Carl

On Wed, Aug 19, 2015 at 10:56 AM, Mickey Spiegel <emspiege at us.ibm.com> wrote:
> Resending, forgot the [neutron] tag
>
> -----Mickey Spiegel/San Jose/IBM wrote: -----
> To: openstack-dev at lists.openstack.org
> From: Mickey Spiegel/San Jose/IBM
> Date: 08/19/2015 09:45AM
> Subject: [fwaas][dvr] FWaaS with DVR
>
>
> Currently, FWaaS behaves differently with DVR, applying to only north/south
> traffic, whereas FWaaS on routers in network nodes applies to both
> north/south and east/west traffic. There is a compatibility issue due to the
> asymmetric design of L3 forwarding in DVR, which breaks the connection
> tracking that FWaaS currently relies on.
>
> I started an etherpad where I hope the community can discuss the problem,
> collect multiple possible solutions, and eventually try to reach consensus
> about how to move forward:
> https://etherpad.openstack.org/p/FWaaS_with_DVR
>
> I listed every possible solution that I can think of as a starting point. I
> am somewhat new to OpenStack and FWaaS, so please correct anything that I
> might have misrepresented.
>
> Please add more possible solutions and comment on the possible solutions
> already listed.
>
> Mickey
>
>
>
>
> __________________________________________________________________________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>

__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20150831/3a745660/attachment.html>